RFP-427. 04-107-08 STATE GOVERNMENT DEPARTMENT OF FINANCE AND ADMINISTRATION REQUEST FOR PROPOSALS FOR INFORMATION SECURITY ASSESSMENT SERVICES (ISAS) RFP NUMBER: 427. 04-107-08 CONTENTS SECTION 1 2 3 4 5 INTRODUCTION RFP SCHEDULE OF EVENTS PROPOSAL REQUIREMENTS GENERAL REQUIREMENTS & CONTRACTING INFORMATION PROPOSAL EVALUATION & CONTRACT AWARD RFP ATTACHMENTS: 6. 1 Pro Forma Contract Contract Attachment A: Attestation Re Personnel Used in Contract Performance Contract Attachment B: Memorandum of Understanding (MOU) Contract Attachment C: HIPPA Business Associate Agreement 6. 6. 3 Proposal Transmittal/Statement Of Certifications & Assurances Technical Proposal & Evaluation Guide Section A – Mandatory Requirements Section B – Qualifications & Experience RFP-427. 04-107-08 Section C – Technical Approach Section D – Security Gap Analysis Section E – Privacy Data Section F – Security Assessment Section G – Security Assessment Report Section H – Mitigating Risks Section I – BIA, BCP, and DRP Section J – Layered Security Solution 6. 4 6. 5 6. 6 6. Cost Proposal & Scoring Guide Proposal Score Summary Matrix Reference Questionnaire Supplemental Templates 2 RFP-427. 04-107-08 1 1. 1 INTRODUCTION Statement of Purpose The State Government, Department of Finance and Administration, hereinafter referred to as the State, has issued this Request for Proposal (RFP) to define the State’s minimum service requirements; solicit proposals; detail proposal requirements; and, outline the State’s process for evaluating proposals and selecting the contractor.
Through this RFP, the State seeks to buy the best services at the most favorable, competitive prices and to give ALL qualified businesses, including those that are owned by minorities, women, persons with a disability, and small business enterprises, opportunity to do business with the state as contractors and sub-contractors. The State intends to secure a contract for Information Security Assessment Services (ISAS) Consultants to assist in strengthening the State’s security posture. Services include vulnerability assessments, penetration tests, and source code reviews.
Don’t waste your time!
Order your assignment!
Vulnerability assessments and penetration testing services will be used to identify and validate configuration and/or technical flaws within a given system or network (i. e. firewalls, routers, servers, operating systems, applications, databases, loadbalancers, etc. ). Source code reviews will be conducted to identify programming errors that may lead to security issues (i. e. format string mistakes, buffer overflows, memory leaks, etc. ). A vendor that currently has active managed security service provider contract(s) with any State Government agency cannot bid on this RFP.
In addition, during the term of the Contract awarded from this RFP, the winning vendor cannot bid on any procurement for managed security services released by State Government agencies or otherwise provide managed security services to State Government agencies. The vendor shall provide the services required by this RFP within the context of the technical environment described by the State Information Resources Architecture (sometimes referred to as the technical architecture). The vendor may request a copy of the Architecture by submitting a written request to the RFP coordinator listed in RFP Section 1. . 1. 1. 1. 2 Scope of Service, Contract Period, and Required Terms and Conditions The RFP Attachment 6. 1, Pro Forma Contract details the State’s required: ? ? ? ? ? Scope of Services and Deliverables in Section A; Contract Period in Section B; Payment Terms in Section C; Standard Terms and Conditions in Section D; and, Special Terms and Conditions in Section E. The pro forma contract substantially represents the contract document that the proposer selected by the State MUST agree to and sign. 1. Nondiscrimination No person shall be excluded from participation in, be denied benefits of, be discriminated against in the admission or access to, or be discriminated against in treatment or employment in the State’s contracted programs or activities on the grounds of disability, age, race, color, religion, sex, national origin, or any other classification protected by federal or State Constitutional or statutory law; nor shall they be excluded from participation in, be denied benefits of, or be otherwise subjected to discrimination in the performance of contracts with the State or in the employment practices of the State’s contractors.
Accordingly, all vendors entering into contracts with the State shall, upon request, be required to show proof of such nondiscrimination and to post in conspicuous places, available to all employees and applicants, notices of nondiscrimination. The State has designated the following to coordinate compliance with the nondiscrimination requirements of the State Government, Title VI of the Civil Rights Act of 1964, the Americans with Disabilities Act of 1990, and applicable federal regulations. Emily M. Tassini, Ph. D Senior Management Consultant F&A / Office of Consulting Services 3
RFP-427. 04-107-08 State Government Tower, 12th Floor 312 8th Avenue North Capitol City, NY 12345-1200 866-741-6030 1. 4 Assistance to Proposers with a Disability A Proposer with a disability may receive accommodation regarding the means of communicating this RFP and participating in this RFP process. A Proposer with a disability should contact the RFP Coordinator to request reasonable accommodation no later than the Disability Accommodation Request Deadline detailed in the RFP Section 2, Schedule of Events. 1. 5 1. 5. RFP Communications Unauthorized contact regarding this RFP with employees or officials of the State Government other than the RFP Coordinator detailed below may result in disqualification from this procurement process. Interested Parties must direct all communications regarding this RFP to the following RFP Coordinator, who is the state Government’s only official point of contact for this RFP. Dorothy Turner Department of Finance and Administration State Government Tower, 12th Floor 312 8th Avenue North Capitol City, NY 12345-1200 Telephone Number: 866-741-7361 Fax Number: 866-741-6164 Dorothy. [email protected] ny. us 1. 5. 1. 2 Notwithstanding the foregoing, Interested Parties may contact the staff of the Governor’s Office of Diversity Business Enterprise for general, public information regarding this RFP, assistance available from the Governor’s Office of Diversity Business Enterprise, or potential future state procurements. The State has assigned the following RFP identification number that must be referenced in all communications regarding the RFP: RFP-427. 04-107-08 1. 5. 3 1. 5. 4 Any oral communications shall be considered unofficial and non-binding with regard to this RFP.
Each Proposer shall assume the risk of the method of dispatching any communication or proposal to the State. The State assumes no responsibility for delays or delivery failures resulting from the method of dispatch. Actual or electronic “postmarking” of a communication or proposal to the State by a deadline date shall not substitute for actual receipt of a communication or proposal by the State. The RFP Coordinator must receive all written comments, including questions and requests for clarification, no later than the Written Comments Deadline detailed in the RFP Section 2, Schedule of Events.
The State reserves the right to determine, at its sole discretion, the appropriate and adequate responses to written comments, questions, and requests for clarification. The State’s official responses and other official communications pursuant to this RFP shall constitute an amendment of this RFP. The State will convey all official responses and communications pursuant to this RFP to the potential proposers from whom the State has received a Notice of Intent to Propose. Only the State’s official, written responses and communications shall be considered binding with regard to this RFP.
The State reserves the right to determine, at its sole discretion, the method of conveying official responses and communications pursuant to this RFP (e. g. , written, facsimile, electronic mail, or Internet posting). Most important documents will be posted on the State’s website. Any data or factual information provided by the State, in this RFP or an official response or communication, shall be deemed for informational purposes only, and if a Proposer relies on such 4 1. 5. 1. 1 1. 5. 2 1. 5. 5 1. 5. 6 1. 5. 7 1. 5. 8 1. 5. 9 1. 5. 0 RFP-427. 04-107-08 data or factual information, the Proposer should either: (1) independently verify the information; or, (2) obtain the State’s written consent to rely thereon. 1. 6 Notice of Intent to Propose Each potential proposer should submit a Notice of Intent to Propose to the RFP Coordinator by the deadline detailed in the RFP Section 2, Schedule of Events. The notice should include: ? ? ? ? Proposer’s name name and title of a contact person address, telephone number, and facsimile number of the contact person email address
NOTICE: A Notice of Intent to Propose creates no obligation and is not a prerequisite for making a proposal, however, it is necessary to ensure receipt of RFP amendments and other communications regarding the RFP (refer to RFP Sections 1. 5, et seq. , above). 1. 7 Proposal Deadline Proposals must be submitted no later than the Proposal Deadline time and date detailed in the RFP Section 2, Schedule of Events. A proposal must respond to the written RFP and any RFP exhibits, attachments, or amendments.
A late proposal shall not be accepted, and a Proposer’s failure to submit a proposal before the deadline shall cause the proposal to be disqualified. 1. 8 Pre-Proposal Conference A Pre-Proposal Conference will be held at the time and date detailed in the RFP Section 2, Schedule of Events. The purpose of the conference is to discuss the RFP scope of services. While questions will be entertained, the response to any question at the Pre-Proposal Conference shall be considered tentative and non-binding with regard to this RFP.
Questions concerning the RFP should be submitted in writing prior to the Written Comments Deadline date detailed in the RFP Section 2, Schedule of Events. To ensure accurate, consistent responses to all known potential Proposers, the official response to questions will be issued by the State as described in RFP Sections 1. 5, et seq. , above and on the date detailed in the RFP Section 2, Schedule of Events. Pre-Proposal Conference attendance is not mandatory, and each potential Proposer may be limited to a maximum number of attendees depending upon overall attendance and space limitations.
The conference will be held at: The Robertson Room State Government Tower, 3rd Fl. 312 8th Avenue North Capitol City, NY 12345 5 RFP-427. 04-107-08 2 RFP SCHEDULE OF EVENTS The following Schedule of Events represents the State’s best estimate of the schedule that will be followed. Unless otherwise specified, the time of day for the following events will be between 8:00 a. m. and 4:30 p. m. , Eastern Time. RFP SCHEDULE OF EVENTS NOTICE: The State reserves the right, at its sole discretion, to adjust this schedule as it deems necessary.
The State will communicate any adjustment to the Schedule of Events to the potential proposers from whom the State has received a Notice of Intent to Propose. EVENT 1. State Issues RFP 2. Disability Accommodation Request Deadline 10:00 a. m. TIME DATE (all dates are state business days) 3. Pre-proposal Conference 4. Notice of Intent to Propose Deadline 5. Written Comments Deadline 6. State Responds to Written Comments 7. Proposal Deadline 8. State Completes Technical Proposal Evaluations 9. State Opens Cost Proposals and Calculates Scores 10.
State Issues Evaluation Notice and Opens RFP Files for Public Inspection 11. Contract Signing 12. Contract Signature Deadline 13. Contract Start Date 9:00 a. m. 9:00 a. m. 2:00 p. m. 6 RFP-427. 04-107-08 3 PROPOSAL REQUIREMENTS Each Proposer must submit a proposal in response to this RFP with the most favorable terms that the Proposer can offer. There will be no best and final offer procedure. 3. 1 3. 1. 1 3. 1. 2 Proposal Form and Delivery Each response to this RFP must consist of a Technical Proposal and a Cost Proposal (as described below).
Each Proposer must submit one (1) original and six (6) copies, and one (1) CD containing a copy in “. pdf” format of the Technical Proposal to the State in a sealed package that is clearly marked: “Technical Proposal in Response to RFP- 427. 04-107-08 — Do Not Open” NOTE: One hard copy must be marked “Original. ” In the event of any differences between printed and electronic versions, or problems with the CD, the contents of the hard copy marked “Original” shall prevail. Do not include any costs in either form of the Technical Proposal. 3. 1. 3
Each Proposer must submit one (1) Cost Proposal to the State in a separate, sealed package that is clearly marked: “Cost Proposal in Response to RFP- 427. 04-107-08 — Do Not Open” 3. 1. 4 If a Proposer encloses the separately sealed proposals (as detailed above (in a larger package for mailing, the Proposer must clearly mark the outermost package: “Contains Separately Sealed Technical and Cost Proposals for RFP # 427. 04-107-08” 3. 1. 5 The State must receive all proposals in response to this RFP, at the following address, no later than the Proposal Deadline time and date detailed in the RFP Section 2, Schedule of Events.
Department of Finance and Administration Office for Information Resources ATTN: Dorothy Turner State Government Tower 17th Floor, 312 8th Ave. North Capitol City, NY 12345-1700 3. 1. 6 3. 2 3. 2. 1 A Proposer may not deliver a proposal orally or by any means of electronic transmission. Technical Proposal The RFP Attachment 6. 3, Technical Proposal and Evaluation Guide details specific requirements for making a Technical Proposal in response to this RFP. This guide includes mandatory and general requirements as well as technical queries requiring a written response.
NOTICE: No pricing information shall be included in the Technical Proposal. Inclusion of Cost Proposal amounts in the Technical Proposal shall make the proposal non-responsive and the State shall reject it. 3. 2. 2 Each Proposer must use the Technical Proposal and Evaluation Guide to organize, reference, and draft the Technical Proposal. Each Proposer should duplicate the Technical Proposal and Evaluation Guide and use it as a table of contents covering the Technical Proposal (adding proposal page numbers as appropriate).
Each proposal should be economically prepared, with emphasis on completeness and clarity of content. A proposal, as well as any reference material presented, must be written in English and must be written on standard 8 1/2″ x 11″ paper (although foldouts containing charts, spreadsheets, and oversize exhibits are permissible). All proposal pages must be numbered. All information included in a Technical Proposal should be relevant to a specific requirement detailed in the Technical Proposal and Evaluation Guide. All information must be incorporated into a response to a specific requirement and clearly referenced.
Any information not meeting these criteria will be deemed extraneous and will in no way contribute to the evaluation process. 3. 2. 3 3. 2. 4 7 RFP-427. 04-107-08 3. 2. 5 The State may determine a proposal to be non-responsive and reject it if the Proposer fails to organize and properly reference the Technical Proposal as required by this RFP and the Technical Proposal and Evaluation Guide. The State may determine a proposal to be non-responsive and reject it if the Technical Proposal document fails to appropriately address/meet all of the requirements detailed in the Technical Proposal and Evaluation Guide.
Cost Proposal The Cost Proposal must be submitted to the State in a sealed package separate from the Technical proposal. Each Cost Proposal must be recorded on an exact duplicate of the RFP Attachment 6. 4, Cost Proposal and Evaluation Guide. Each Proposer shall ONLY record the proposed cost exactly as required by the Cost Proposal and Evaluation Guide and shall NOT record any other rates, amounts, or information. The proposed cost shall incorporate all costs for services under the contract for the total contract period. The Proposer must sign and date the Cost Proposal.
If a Proposer fails to submit a Cost Proposal as required, the State shall determine the proposal to be non-responsive and reject it. 3. 2. 6 3. 3 3. 3. 1 3. 3. 2 3. 3. 3 3. 3. 4 3. 3. 5 3. 3. 6 8 RFP-427. 04-107-08 4 4. 1 GENERAL REQUIREMENTS & CONTRACTING INFORMATION Proposer Required Review and Waiver of Objections Each Proposer must carefully review this RFP and all attachments, including but not limited to the pro forma contract, for comments, questions, defects, objections, or any other matter requiring clarification or correction (collectively called “comments”).
Comments concerning RFP objections must be made in writing and received by the State no later than the Written Comments Deadline detailed in the RFP Section 2, Schedule of Events. This will allow issuance of any necessary amendments and help prevent the opening of defective proposals upon which contract award could not be made. Protests based on any objection shall be considered waived and invalid if these comments/objections have not been brought to the attention of the State, in writing, by the Written Comments Deadline. 4. 2
RFP Amendment and Cancellation The State reserves the unilateral right to amend this RFP in writing at any time. If an RFP amendment is issued, the State will convey such amendment to the potential proposers who submitted a Notice of Intent to Propose. Each proposal must respond to the final written RFP and any exhibits, attachments, and amendments. The State Government reserves the right, at its sole discretion, to cancel and reissue this RFP or to cancel this RFP in its entirety in accordance with applicable laws and regulations. 4. 3 4. 3. 1 4. 3. 2
Proposal Prohibitions and Right of Rejection The State Government reserves the right, at its sole discretion, to reject any and all proposals in accordance with applicable laws and regulations. Each proposal must comply with all of the terms of this RFP and all applicable State laws and regulations. The State may reject any proposal that does not comply with all of the terms, conditions, and performance requirements of this RFP. The State may consider any proposal that does not meet the requirements of this RFP to be non-responsive, and the State may reject such a proposal.
A proposal of alternate services (i. e. , a proposal that offers services different from those requested by this RFP) shall be considered non-responsive and rejected. A Proposer may not restrict the rights of the State or otherwise qualify a proposal. The State may determine such a proposal to be a non-responsive counteroffer, and the proposal may be rejected. A Proposer may not submit the Proposer’s own contract terms and conditions in a response to this RFP.
If a proposal contains such terms and conditions, the State may determine, at its sole discretion, the proposal to be a non-responsive counteroffer, and the proposal may be rejected. A Proposer shall not submit more than one proposal. Submitting more than one proposal shall result in the disqualification of the Proposer. A Proposer shall not submit multiple proposals in different forms. This prohibited action shall be defined as a Proposer submitting one proposal as a prime contractor and permitting a second Proposer to submit another proposal with the first Proposer offered as a subcontractor.
This restriction does not prohibit different Proposers from offering the same subcontractor as a part of their proposals, provided that the subcontractor does not also submit a proposal as a prime contractor. Submitting multiple proposals in different forms may result in the disqualification of all Proposers knowingly involved. The State shall reject a proposal if the Cost Proposal was not arrived at independently without collusion, consultation, communication, or agreement as to any matter relating to such prices with any other Proposer.
Regardless of the time of detection, the State shall consider any of the foregoing prohibited actions to be grounds for proposal rejection or contract termination. The State shall not contract with or consider a proposal from: an individual who is, or within the past six months has been, an employee or official of the State Government; a company, corporation, or any other contracting entity in which an ownership of two percent (2%) or more is held by an individual who is, or within the past six months has been, an employee or official of 9 . 3. 3 4. 3. 4 4. 3. 5 4. 3. 6 4. 3. 7 4. 3. 8 4. 3. 9 4. 3. 9. 1 4. 3. 9. 2 RFP-427. 04-107-08 the State Government (this shall not apply either to financial interests that have been placed into a “blind trust” arrangement pursuant to which the employee does not have knowledge of the retention or disposition of such interests or to the ownership of publicly traded stocks or bonds where such ownership constitutes less than 2% of the total outstanding amount of the stocks or bonds of the issuing entity); 4. 3. 9. a company, corporation, or any other contracting entity which employs an individual who is, or within the past six months has been, an employee or official of the State Government in a position that would allow the direct or indirect use or disclosure of information, which was obtained through or in connection with his or her employment and not made available to the general public, for the purpose of furthering the private interest or personal profit of any person; or, any individual, company, or other entity involved in assisting the State in the development, formulation, or drafting of this RFP or its scope of services shall be considered to have been given information that would afford an unfair advantage over other Proposers, and such individual, company, or other entity may not submit a proposal in response to this RFP. For the purposes of applying the requirements of RFP subsection 4. 3. 9, et. seq. , an individual shall be deemed an employee or official of the State Government until such time as all compensation for salary, termination pay, and annual leave has been paid. The State reserves the right, at its sole discretion, to waive a proposal’s variances from full compliance with this RFP. If the State waives minor variances in a proposal, such waiver shall not modify the RFP requirements or excuse the Proposer from full compliance with such.
Notwithstanding any minor variance, the State may hold any Proposer to strict compliance with this RFP. Incorrect Proposal Information If the State determines that a Proposer has provided, for consideration in this RFP process or subsequent contract negotiations, incorrect information that the Proposer knew or should have known was materially incorrect, that proposal shall be determined non-responsive and shall be rejected. 4. 5 Proposal of Additional Services If a proposal offers services in addition to those required by and described in this RFP, the additional services may be added to the contract before contract signing at the sole discretion of the State.
Notwithstanding the foregoing, a Proposer shall not propose any additional cost amount(s) or rate(s) for additional services. NOTICE: The Proposer’s Cost Proposal shall record only the proposed cost as required in this RFP and shall not record any other rates, amounts, or information. If a Proposer fails to submit a Cost Proposal as required, the State shall determine the proposal to be non-responsive and shall reject the proposal. 4. 6 4. 6. 1 4. 6. 2 4. 6. 3 4. 6. 4 4. 7 Assignment and Subcontracting The Proposer awarded a contract pursuant to this RFP may not subcontract, transfer, or assign any portion of the contract without the State’s prior, written approval.
A subcontractor may only be substituted for a proposed subcontractor at the discretion of the State and with the State’s prior, written approval. At its sole discretion, the State reserves the right to refuse approval of any subcontract, transfer, or assignment. Notwithstanding State approval of each subcontractor, the Proposer, if awarded a contract pursuant to this RFP, shall be the prime contractor and shall be responsible for all work performed. Right to Refuse Personnel At its sole discretion, the State reserves the right to refuse any personnel, of the prime contractor or a subcontractor, for use in the performance of a contract pursuant to this RFP. 4. Insurance The State may require the apparent successful Proposer to provide proof of adequate worker’s compensation and public liability insurance coverage before entering into a contract. Additionally, the 10 4. 3. 9. 4 4. 3. 9. 5 4. 3. 10 4. 4 RFP-427. 04-107-08 State may require, at its sole discretion, the apparent successful Proposer to provide proof of adequate professional malpractice liability or other forms of insurance. Failure to provide evidence of such insurance coverage is a material breach and grounds for termination of the contract negotiations. Any insurance required by the State shall be in form and substance acceptable to the State. 4. Licensure Before a contract pursuant to this RFP is signed, the apparent successful Proposer must hold all necessary, applicable business and professional licenses. The State may require any or all Proposers to submit evidence of proper licensure. 4. 10 Service Location and Work Space The service pursuant to this RFP is to be performed, completed, managed, and delivered as detailed in the RFP Attachment 6. 1, Pro Forma Contract. Work space on the State’s premises may be available for contractor use in accordance with the pro forma contract or at the State’s discretion. 4. 11 Proposal Withdrawal A Proposer may withdraw a submitted proposal at any time up to the Proposal Deadline time and date detailed in the RFP Section 2, Schedule of Events.
To do so, a proposer must submit a written request, signed by a Proposer’s authorized representative to withdraw a proposal. After withdrawing a previously submitted proposal, a Proposer may submit another proposal at any time up to the Proposal Deadline. 4. 12 Proposal Errors and Amendments Each Proposer is liable for all proposal errors or omissions. A Proposer will not be allowed to alter or amend proposal documents after the Proposal Deadline time and date detailed in the RFP Section 2, Schedule of Events unless such is formally requested, in writing, by the State. 4. 13 Proposal Preparation Costs The State will not pay any costs associated with the preparation, submittal, or presentation of any proposal. 4. 4 Disclosure of Proposal Contents Each proposal and all materials submitted to the State in response to this RFP shall become the property of the State Government. Selection or rejection of a proposal does not affect this right. All proposal information, including detailed price and cost information, shall be held in confidence during the evaluation process. Notwithstanding, a list of actual proposers submitting timely proposals may be available to the public, upon request, directly after technical proposals are opened by the state. Upon the completion of the evaluation of proposals, indicated by public release of an Evaluation Notice, the proposals and associated materials shall be open for review by the public in accordance with State Code Annotated, Section 10-7-504(a)(7).
By submitting a proposal, the Proposer acknowledges and accepts that the full proposal contents and associated documents shall become open to public inspection. 4. 15 Contractor Registration While registration with the state is not required to make a proposal, a service provider must be registered to do business with the state Government before approval of an awarded contract. To meet this prerequisite, an unregistered service provider must simply register as required prior to contract approval. Fast and easy access to Online Contractor Registration is available at the State’s website. (For more information about registration, please contact the Department of General Services) 4. 6 Contract Approval The RFP and the contractor selection processes do not obligate the State and do not create rights, interests, or claims of entitlement in either the Proposer with the apparent best-evaluated proposal or any other Proposer. Contract award and State obligations pursuant thereto shall commence only after the contract is signed by the Contractor and the head of the procuring state agency and after the contract is approved and signed by all other State officials as required by State laws and regulations. 11 RFP-427. 04-107-08 4. 17 Contract Payments All contract payments shall be made in accordance with the contract’s Payment Terms and Conditions provisions (refer to RFP Attachment 6. 1, Pro Forma Contract, Section C). No payment shall be made until the contract is approved as required by State laws and regulations.
Under no conditions shall the State be liable for payment of any type associated with the contract or responsible for any work done by the Contractor, even work done in good faith and even if the Contractor is orally directed to proceed with the delivery of services, if it occurs before contract approval by State officials as required by applicable statutes and rules of the State Government or before the contract start date or after the contract end date specified by the contract. 4. 18 Contractor Performance The Contractor shall be responsible for the completion of all work set out in the contract. All work is subject to inspection, evaluation, and acceptance by the State. The State may employ all reasonable means to ensure that the work is progressing and being performed in compliance with the contract. At reasonable times, the State may inspect those areas of the Contractor’s place of business that are related to the performance of the contract. If the State requires such an inspection, the Contractor shall provide reasonable access and assistance. 4. 19
Contract Amendment During the course of this contract, the State may request the Contractor to perform additional work for which the Contractor would be compensated. That work shall be within the general scope of this RFP. In such instances, the State shall provide the Contractor a written description of the additional work, and the Contractor shall submit a time schedule for accomplishing the additional work and a price for the additional work based on the rates included in the Contractor’s proposal to this RFP. If the State and the Contractor reach an agreement regarding the work and associated compensation, such agreement shall be effected by means of a contract amendment.
Any such amendment requiring additional work must be mutually agreed upon by the parties and signed by the Contractor and the head of the procuring state agency and must be approved by other State officials as required by State laws and regulations. The Contractor shall not commence additional work until the State has issued a written contract amendment and secured all required approvals. 4. 20 Severability If any provision of this RFP is declared by a court to be illegal or in conflict with any law, said decision shall not affect the validity of the remaining RFP terms and provisions, and the rights and obligations of the State and Proposers shall be construed and enforced as if the RFP did not contain the particular provision held to be invalid. 12 RFP-427. 04-107-08 5 5. 1
PROPOSAL EVALUATION & CONTRACT AWARD Evaluation Categories and Maximum Points The State will consider qualifications and experience, technical approach, technical requirements, and cost in the evaluation of proposals. The maximum points that shall be awarded for each of these categories are detailed below. CATEGORY Qualifications and Experience Technical Approach Cost Proposal MAXIMUM POINTS POSSIBLE 30 40 30 5. 2 Evaluation Process The proposal evaluation process is designed to award the contract not necessarily to the Proposer of least cost, but rather to the Proposer with the best combination of attributes based upon the evaluation criteria. 5. 2. 1 5. 2. 1. 1 The RFP Coordinator will use the RFP Attachment 6. 3, Technical Proposal and Evaluation Guide to manage the Technical Proposal Evaluation and maintain evaluation records.
The RFP Coordinator will review each Technical Proposal to determine compliance with mandatory requirements (refer to RFP Attachment 6. 3, Technical Proposal and Evaluation Guide, Technical Proposal Section A). If the RFP Coordinator determines that a proposal may have failed to meet one or more of the mandatory requirements, the Proposal Evaluation Team will review the proposal and document its determination of whether: (1) the proposal meets requirements for further evaluation; (2) the State will request clarifications or corrections; or, (3) the State will determine the proposal non-responsive to the RFP and reject it. A Proposal Evaluation Team, made up of three or more State employees, will evaluate each Technical Proposal that appears responsive to the RFP.
Each Proposal Evaluation Team member will independently, evaluate each proposal against the evaluation criteria in this RFP, rather than against other proposals, and will score each in accordance with the RFP Attachment 6. 3, Technical Proposal and Evaluation Guide. The State reserves the right, at its sole discretion, to request Proposer clarification of a Technical Proposal or to conduct clarification discussions with any or all Proposers. Any such clarification or discussion shall be limited to specific sections of the proposal identified by the State. The subject Proposer shall put any resulting clarification in writing as may be required by the State. After Technical Proposal evaluations are completed, the RFP Coordinator will open the Cost Proposals and use the RFP Attachment 6. , Cost Proposal and Scoring Guide to calculate and document the Cost Proposal scores. For each responsive proposal, the RFP Coordinator will add the average Technical Proposal score to the Cost Proposal score (refer to RFP Attachment 6. 5, Proposal Score Summary Matrix). Contract Award Process The RFP Coordinator will forward the results of the proposal evaluation process to the head of the procuring agency who will consider the proposal evaluation process results and all pertinent information available to make a determination about the contract award. The State reserves the right to make an award without further discussion of any proposal. 5. 2. 1. 2 5. 2. 1. 3 5. 2. 1. 4 5. 2. 2 5. 2. 3 5. 3 5. 3. 1 13 RFP-427. 04-107-08
Notwithstanding the foregoing, to effect a contract award to a proposer other than the one receiving the highest evaluation score, the head of the procuring agency must provide written justification for such an award and obtain the written approval of the Commissioner of Finance and Administration and the Comptroller of the Treasury. 5. 3. 2 After the agency head’s determination, the State will issue an Evaluation Notice to identify the apparent best-evaluated proposal on the Evaluation Notice date detailed in the RFP Section 2, Schedule of Events. NOTICE: The Evaluation Notice shall not create rights, interests, or claims of entitlement in either the Proposer with apparent best-evaluated proposal or any other Proposer. 5. 3. 3 5. 3. The State will also make the RFP files available for public inspection on the Evaluation Notice date detailed in the RFP Section 2, Schedule of Events. The Proposer with the apparent best-evaluated proposal must agree to and sign a contract with the State which shall be substantially the same as the RFP Attachment 6. 1, Pro Forma Contract. However, the State reserves the right, at its sole discretion, to add terms and conditions or to revise pro forma contract requirements in the State’s best interests subsequent to this RFP process. No such terms and conditions or revision of contract requirements shall materially affect the basis of proposal evaluations or negatively impact the competitive nature of the RFP process. 5. 3. The Proposer with the apparent best-evaluated proposal must sign and return the contract drawn by the State pursuant to this RFP no later than the Contract Signature Deadline date detailed in the RFP Section 2, Schedule of Events. If the Proposer fails to provide the signed contract by the deadline, the State may determine that the Proposer is non-responsive to the terms of this RFP and reject the proposal. If the State determines that the apparent best-evaluated proposal is non-responsive and rejects the proposal after opening the Cost Proposals, the RFP Coordinator will re-calculate scores for each responsive Cost Proposal to determine the new, best-evaluated proposal. 5. 3. 6 14 RFP-427. 04-107-08 CONTRACT BETWEEN THE STATE GOVERNMENT,
DEPARTMENT OF FINANCE AND ADMINISTRATION AND CONTRACTOR NAME This Contract, by and between the State Government, Department of Finance and Administration, hereinafter referred to as the “State” and CONTRACTOR LEGAL ENTITY NAME, hereinafter referred to as the “Contractor,” is for the provision of Information Security Assessment Services as further defined in the “SCOPE OF SERVICES. ” The Contractor is A/AN INDIVIDUAL, FOR-PROFIT CORPORATION, NON-PROFIT CORPORATION, SPECIAL PURPOSE CORPORATION OR ASSOCIATION, PARTNERSHIP, JOINT VENTURE, OR LIMITED LIABILITY COMPANY. Contractor Federal Employer Identification or Social Security Number: ID NUMBER Contractor Place of Incorporation or Organization: LOCATION A. SCOPE OF SERVICES: A. 1. The Contractor shall provide all service and deliverables as required, described, and detailed by this Scope of Services and shall meet all service and delivery timelines specified in the Scope of Services section or elsewhere in this Contract.
Statement of Work Procedures/Provisions The purpose of this Contract is to provide a source for Information Security Assessment Services (ISAS). This Contract does not obligate the State to use the Contractor’s services except as detailed in the Statement of Work Procedures/Process detailed below. A. 2. A. 2. a. Under the terms of this Contract and at the State’s request, the Contractor will provide information security assessment services to the State using the consultants listed in Contract Section C. 3, below (collectively, “consultants”). A. 3. A. 4. The specific roles and responsibilities of Contractor consultants shall be as defined in the Contract and future Statements of Work (SOWs).
The SOW will specify the work location(s) of Contractor consultants. Contractor consultants shall be based on-site and perform their work at State-operated, maintained, and managed facilities in Capitol City, or Contractor consultants shall be based off-site and perform their work at a Contractor location. The State reserves the right to request on-site or off-site work, whichever is deemed to be in the best interest of the project. Standard State work schedules are based on a Monday through Friday thirty seven and one-half (37. 5) hour workweek, typically comprised of five (5) seven and one-half (7. 5) hour workdays, between the hours of 8:00 a. m. EST and 4:30 p. m. CST, excluding State holidays.
Unless specific times are designated in the SOW, work performed under this Contract may occur during the standard State work schedule, on weekends, on State holidays, and/or at off-hours Monday through Friday. Contractor consultants will be compensated at the payment rates in Contract Section C. 3. , regardless of the day, date, or time the tasks are performed or the total number of hours worked during a workweek. Contractor consultants must provide their own personal computing devices (desktop, laptop, etc. ) and licenses for software installed on the devices. Commensurate with the needs of a given project, the State will provide Contractor consultants with office and meeting space, access to telephones, rinters, and copiers, and connections to the Internet and/or State network. The State shall be the sole determinant with regard to facilities, supplies, access, and connections required for any given project. The Contractor understands and agrees that the State has executed and may execute contracts with other parties for services the same as or similar to those described herein. A. 5. A. 6. A. 7. 15 RFP-427. 04-107-08 A. 8. The purpose of this Contract is to establish a source of supply for information security assessment consultants. However, due to the dynamic nature of projects within State government, the State cannot predict the numbers of Contractor consultants that will be required under this Contract.
Therefore, the State makes no guarantees, either stated or implied, about the demand for resources provided through this procurement. The State is not obligated to use any of the Contractor’s consultants. Throughout the term of the Contract, the State retains full control and flexibility with regard to the types, quantities, and timing of Contractor consultant usage. Contractor Objectives and Deliverables A. 9. A. 9. a. Objective 1: Provide Security Vulnerability Assessment and Penetration Testing Services The Contractor shall conduct vulnerability assessments and penetration tests to assist in strengthening the security posture of the State Government.
Vulnerability assessments and penetration testing services shall be used in identifying and validating configuration and/or technical flaws within a given system or network (i. e. firewalls, routers, servers, operating systems, applications, databases, load-balancers, etc. ). A. 9. b. Objective 1 Deliverables: 1. An Assessment Report outlining: i. Details of the methodology used to conduct the security vulnerability assessments and penetration tests; ii. The results including, but not limited to, the full details of the actions taken, and; iii. The detailed documentation of security flaws and remediation recommendations of those flaws found. 2.
Any additional deliverables as defined in the SOW. A. 9. c. Objective 2: Provide Code Review Services The Contractor shall conduct code review services to assist the ISAS User in strengthening the security posture of the State Government. The Contractor shall evaluate source code for programming errors that may lead to security issues (i. e. format string mistakes, buffer overflows, memory leaks, input validation/sanitization mistakes, etc. ). A. 9. d. Objective 2 Deliverables: 1. A Code Review Report outlining: i. Details of the methodology used to conduct code reviews; ii. The results including, but not limited to, the full details of the actions taken; and iii.
The detailed documentation of security flaws and remediation recommendations of those flaws found. 2. Any additional deliverables as defined in the SOW. A. 9. e. Contractor must provide all software tools required to perform the tasks and deliverables as defined in the State’s SOW. All costs associated with software tools must be included in the Consulting Services Hourly Rates listed in Section C. 3. The State will not pay separate costs for software tools. A. 10. Procedures/Stipulations for Providing Consultants. A. 10. a. Statement of Work. The State will provide the Contractor with an SOW describing the requested services, including as follows. i. ii.
Project number, which will be used to track the services through completion; Description and scope of the requested services including the specific information security and other state standard technologies involved and any special data handling due to issues such as confidentiality; iii. Requested project timeframe and any non-standard work schedule tasks; iv. Deliverable(s); 16 RFP-427. 04-107-08 v. Work location; vi. State Project Coordinator; and vii. Deadline for the Contractor to respond to the State’s request (i. e. , response period), which will be no more than five (5) business days measured from the date the SOW was distributed. A. 10. b. Submission of Project Proposal. The Contractor may seek written or verbal clarifications regarding the SOW during the response period. If deemed necessary by the State, the SOW may be modified to clarify its intent and to adjust the response period accordingly.
Within the requested response period, the Contractor will respond to the SOW with a Project Proposal that includes the following: i. ii. iii. iv. Project number from the SOW; Contractor understanding of the work to be performed; Workplan, including a project timeframe, tasks, and resource loading; Staffing plan, specifying the Consultant Classifications from Contract Section C. 3 needed for the project and the hours required for each Consultant Classification; v. Maximum project consultant cost, which the Contractor shall calculate by using the payment rates per hour set forth in Section C. 3. b. for each Consultant Classification needed for the project.
If the project timeframe spans more than one year of the Contract term, the Contractor must calculate the maximum project consultant cost using the payment rates for every effective year. In other words, if the project begin and end dates lie completely within year one of the Contract term, the Contractor would calculate maximum project consultant cost using the payment rates for that Contract year. On the other hand, if the dates begin in Contract year one and extend into any portion of Contract year two, the Contractor must calculate the maximum project consultant cost using the payment rates for both years based on the dates in the Workplan. The same rule would apply for all contract years; the maximum project consultant cost must be calculated using the payment rates for the effective years.
This maximum project consultant cost shall be a “not to exceed” total cost; the State shall pay no more than this cost for the consultant cost for the project, unless amended in the resulting MOU as described in Contract Section A. 10. f. ; and vi. Any Contractor assumptions on which the Project Proposal are based. These assumptions cannot conflict with the terms and provisions of the Contract. In the event of a conflict, the Contract will prevail. A. 10. c. The State has the sole discretion to accept the Contractor’s Project Proposal, request modifications to the Contractor’s Project Proposal, or to reject the Contractor’s Project Proposal in its entirety. A. 10. d. Project Team. The Contractor shall build the project team for each SOW.
The State reserves the right to question the composition of, and request changes to, the proposed project team. A. 10. e. Memorandum of Understanding. After the State has approved the Project Proposal, it will develop a Memorandum of Understanding (MOU) binding the Contractor to its Project Proposal for the associated SOW. (See Contract Attachment B for a draft of the MOU document. ) The State will provide a copy of the fully executed MOU, containing signatures from the Office for Information Resources and the Contractor, to the Contractor. Receipt of a fully executed MOU authorizes the Contractor to provide the requested services and the Contractor consultants to begin work.
The State will not be liable to pay the Contractor for any work performed prior to the Contractor’s receipt of a fully executed MOU. A. 10. f. Memorandum of Understanding Tracking and Amendment. 17 RFP-427. 04-107-08 The MOU will fix the maximum amount of money to be paid in compensation on a particular SOW. This amount cannot be exceeded without an MOU amendment. Such an amendment, if deemed necessary by the State, would increase the maximum potential compensation due the Contractor for the requested services. The Amendment will require the same signatures as the original MOU. For each MOU, the Contractor will track the expenditures against the MOU Maximum Compensation, and will inform the State when expenditures are nearing either cap.
If insufficient funds are remaining in the amount to complete the project, the Contractor will provide the State with a revised Project Proposal for completion of the project. The revised Project Proposal will include the same information requested in the original Project Proposal (see Contract Section A. 10. b. ), updated as needed to complete the project. It must also detail the reason(s) additional funds are required. The State, at its sole option, will either amend the MOU Maximum Compensation to accommodate completion of the project, in part or in whole, or direct the Contractor to cease work on the project. A. 11. Contractor Consultant Performance and Replacement. A. 11. a.
The State shall be the sole judge of the quality of services provided and the project progress achieved by the Contractor’s consultants. The Contractor agrees to remove and replace at the Contractor’s expense, consultants whom the State judges to be incompetent, careless, unsuitable or otherwise objectionable, or whose continued use is deemed contrary to the best interests of the State or deemed not to make substantial contributions to the project. The Contractor agrees not to charge the State for services performed which the State designates as being unacceptable. This provision will not be deemed to give the State the right to require the Contractor to terminate any Contractor employee’s employment.
Rather, this provision is intended to give the State only the right to require that the Contractor discontinue using an employee in the performance of services for the State. A. 11. b. At the State’s request, the Contractor will replace an individual that has voluntarily withdrawn or that the Contractor has voluntarily removed from State assignment. Any requirement for such replacement will be at the State’s sole discretion; the State is not obligated to accept replacement of removed or withdrawn consultants. The State will compensate the Contractor for acceptable services completed by the consultant prior to voluntary withdrawal or removal. A. 11. c. If the State requests a replacement as described in Contract Sections A. 11. a. and A. 11. b. the Contractor will replace the consultant with a consultant of equal or greater years experience as the consultant proposed in the associated Project Proposal for the MOU. The Contractor will be compensated for the replacement consultant at the rate established for the original consultant. A. 11. d. The termination of an individual consultant’s assignment will not necessarily result in the termination of the MOU related to that consultant. A. 12. Miscellaneous Policies and Procedures. A. 12. a. The State will not provide parking for Contractor consultants. A. 12. b. Contractor consultants do not have access to the State clinic. A. 13. Information Security Compliance.
Contractor warrants to the State that it will cooperate with the State in the course of performance of the Contract so that both parties will be in compliance with State Government’s Enterprise Security Policies requirements and any other state and federal computer security regulations including cooperation and coordination with the State’s Office for Information Resources Security Management Team and other compliance officers required by its regulations. The Enterprise Security Policies can be found on the State’s public website at: http://www. state. tn. us/finance/oir/security/secpolicy. html 18 RFP-427. 04-107-08 A. 14. State’s Technical Architecture.
Contractor consultants shall provide all services requested through this Contract within the context of the technical environment described by the State Information Resources Architecture. A. 15. Periodic Meetings. The State reserves the right, at the State’s option, to request periodic meetings with Contractor management staff to discuss topics including, but not limited to, the following: general project direction, management, and coordination; State technical infrastructure and standards; SOW Clarifications; and time keeping and other project progress records. At the State’s sole discretion, these meetings shall occur at a State location or via conference call and shall be at no additional cost to the State. A. 16. Provision of Managed Security Services Disallowed.
The Contractor shall not have active managed security service provider contract(s) with, or otherwise provide managed security services to, any other State Government agency during the term of this Contract. B. CONTRACT TERM: This Contract shall be effective for the period commencing on July 2, 2008 and ending on July 1, 2011. The State shall have no obligation for services rendered by the Contractor which are not performed within the specified period. C. C. 1. PAYMENT TERMS AND CONDITIONS: Maximum Liability. In no event shall the maximum liability of the State under this Contract exceed WRITTEN DOLLAR AMOUNT ($NUMBER). The payment rates in Section C. 3. shall constitute the entire compensation due the Contractor for the Service and all of the Contractor’s obligations hereunder regardless of the difficulty, materials or equipment required.
The payment rates include, but are not limited to, all applicable taxes, fees, overheads, and all other direct and indirect costs incurred or to be incurred by the Contractor. The Contractor is not entitled to be paid the maximum liability for any period under the Contract or any extensions of the Contract for work not requested by the State. The maximum liability represents available funds for payment to the Contractor and does not guarantee payment of any such funds to the Contractor under this Contract unless the State requests work and the Contractor performs said work. In which case, the Contractor shall be paid in accordance with the payment rates detailed in Section C. 3.
The State is under no obligation to request work from the Contractor in any specific dollar amounts or to request any work at all from the Contractor during any period of this Contract. C. 2. Compensation Firm. The payment rates and the maximum liability of the State under this Contract are firm for the duration of the Contract and are not subject to escalation for any reason unless amended. Payment Methodology. The Contractor shall be compensated based on the payment rates herein for units of service authorized by the State in a total amount not to exceed the Contract Maximum Liability established in Section C. 1. a. b. The Contractor’s compensation shall be contingent upon the satisfactory completion of units, milestones, or increments of service defined in Section A.
The Contractor shall be compensated for said units, milestones, or increments of service based upon the following payment rates: C. 3. 19 RFP-427. 04-107-08 Consulting Services Hourly Rates Year 07/02/1107/01/12 $[HOURLY RATE] Consultant Classifications Consultant With Greater Than 15 Years Information Security-Related Experience Consultant With 10 Years To 15 Years Information Security -Related Experience Consultant With 5 Years To Less Than 10 Years Information Security-Related Experience Consultant With Less Than 5 Years Information Security -Related Experience Year 07/02/1207/01/13 $[HOURLY RATE] Year 07/02/1307/01/14 $[HOURLY RATE] $[HOURLY RATE] $[HOURLY RATE] $[HOURLY RATE] $[HOURLY RATE] $[HOURLY RATE] $[HOURLY RATE] $[HOURLY RATE] [HOURLY RATE] $[HOURLY RATE] c. d. The Contractor shall not be compensated for travel time to the primary location of service provision. The Contractor hourly payment rates shall be fully loaded to include all administrative, software tools, and travel costs. The State will not pay any costs for projects apart from hourly payment rates. C. 4. C. 5. Travel Compensation. The Contractor shall not be compensated or reimbursed for travel, meals, or lodging. Invoice Requirements. The Contractor shall invoice the State only for completed increments of service and for the amount stipulated in Section C. 3. above, and as required below prior to any payment. a.
The Contractor shall submit invoices no more often than monthly, with all necessary supporting documentation, to: Jason Harlow, Chief Information Security Officer Department of Finance and Administration, Office of Information Resources 16th Floor, State Government Tower 312 8th Avenue North Capitol City, NY 12345-1600 (Phone) 866-253-5028 (Fax) 866-532-0471 The Contractor agrees that each invoice submitted shall clearly and accurately (all calculations must be extended and totaled correctly) detail the following required information. (1) Invoice/Reference Number (assigned by the Contractor); (2) Invoice Date; (3) Invoice Period (period to which all invoiced charges are applicable); (4) Contract Number (assigned by the State to this Contract); (5) Account Name: Department of Finance and Administration, Division of Security Policy & Audit; (6) Account/Customer Number (uniquely assigned by the Contractor to the abovereferenced Account Name); (7) Contractor Name; b. 20 RFP-427. 04-107-08 c. d. . Contractor Federal Employer Identification Number or Social Security Number (as referenced in this Contract); (9) Contractor Contact (name, phone, and/or fax for the individual to contact with billing questions); (10) Contractor Remittance Address; (11) Complete Itemization of Charges, which shall detail the following: i. Service or Milestone Description including name /title and MOU Project Number of each service invoiced; ii. Number of Completed Units, Increments, Hours, or Days as applicable, of each service invoiced; iii. Applicable Payment Rate (as stipulated in Section C. 3. ) of each service invoiced; iv. Amount Due by Service; and v.
Total Amount Due for the invoice period. The Contractor understands and agrees that an invoice to the State under this Contract shall: (1) include only charges for service described in Contract Section A and in accordance with payment terms and conditions set forth in Contract Section C; (2) not include any future work but will only be submitted for completed service; and (3) not include sales tax or shipping charges. The Contractor agrees that timeframe for payment (and any discounts) begins when the State is in receipt of each invoice meeting the minimum requirements above. The Contractor shall complete and sign a “Substitute W-9 Form” provided to the Contractor by the State.
The taxpayer identification number contained in the Substitute W-9 submitted to the State shall agree to the Federal Employer Identification Number or Social Security Number referenced in this Contract for the Contractor. The Contractor shall not invoice the State for services until the State has received this completed form. (8) C. 6. Payment of Invoice. The payment of the invoice by the State shall not prejudice the State’s right to object to or question any invoice or matter in relation thereto. Such payment by the State shall neither be construed as acceptance of any part of the work or service provided nor as an approval of any of the amounts invoiced therein. Invoice Reductions.
The Contractor’s invoice shall be subject to reduction for amounts included in any invoice or payment theretofore made which are determined by the State, on the basis of audits conducted in accordance with the terms of this Contract, not to constitute proper remuneration for compensable services. Deductions. The State reserves the right to deduct from amounts which are or shall become due and payable to the Contractor under this or any Contract between the Contractor and the State Government any amounts which are or shall become due and payable to the State Government by the Contractor. Automatic Deposits. The Contractor shall complete and sign an “Authorization Agreement for Automatic Deposit (ACH Credits) Form. ” This form shall be provided to the Contractor by the State.
Once this form has been completed and submitted to the State by the Contractor all payments to the Contractor, under this or any other Contract the Contractor has with the State Government shall be made by Automated Clearing House (ACH). The Contractor shall not invoice the State for services until the Contractor has completed this form and submitted it to the State. C. 7. C. 8. C. 9. D. D. 1. STANDARD TERMS AND CONDITIONS: Required Approvals. The State is not bound by this Contract until it is approved by the appropriate State officials in accordance with applicable State laws and regulations. 21 RFP-427. 04-107-08 D. 2. Modification and Amendment. This Contract may be modified only by a written amendment executed by all parties hereto and approved by the appropriate State officials in accordance with applicable State laws and regulations. Termination for Convenience.
The State may terminate this Contract without cause for any reason. Said termination shall not be deemed a Breach of Contract by the State. The State shall give the Contractor at least thirty (30) days written notice before the effective termination date. The Contractor shall be entitled to receive compensation for satisfactory, authorized service completed as of the termination date, but in no event shall the State be liable to the Contractor for compensation for any service which has not been rendered. Upon such termination, the Contractor shall have no right to any actual general, special, incidental, consequential, or any other damages whatsoever of any description or amount. Termination for Cause.
If the Contractor fails to properly perform its obligations under this Contract in a timely or proper manner, or if the Contractor violates any terms of this Contract, the State shall have the right to immediately terminate the Contract and withhold payments in excess of fair compensation for completed services. Notwithstanding the above, the Contractor shall not be relieved of liability to the State for damages sustained by virtue of any breach of this Contract by the Contractor. Subcontracting. The Contractor shall not assign this Contract or enter into a subcontract for any of the services performed under this Contract without obtaining the prior written approval of the State.
If such subcontracts are approved by the State, they shall contain, at a minimum, sections of this Contract below pertaining to “Conflicts of Interest,” “Nondiscrimination,” and “Records” (as identified by the section headings). Notwithstanding any use of approved subcontractors, the Contractor shall be the prime contractor and shall be responsible for all work performed. Conflicts of Interest. The Contractor warrants that no part of the total Contract Amount shall be paid directly or indirectly to an employee or official of the State Government as wages, compensation, or gifts in exchange for acting as an officer, agent, employee, subcontractor, or consultant to the Contractor in connection with any work contemplated or performed relative to this Contract.
Nondiscrimination. The Contractor hereby agrees, warrants, and assures that no person shall be excluded from participation in, be denied benefits of, or be otherwise subjected to discrimination in the performance of this Contract or in the employment practices of the Contractor on the grounds of disability, age, race, color, religion, sex, national origin, or any other classification protected by Federal, State constitutional, or statutory law. The Contractor shall, upon request, show proof of such nondiscrimination and shall post in conspicuous places, available to all employees and applicants, notices of nondiscrimination. Prohibition of Illegal Immigrants.
The requirements of Public Acts of 2006, Chapter Number 878, of the state Government, addressing the use of illegal immigrants in the performance of any Contract to supply goods or services to the state Government, shall be a material provision of this Contract, a breach of which shall be grounds for monetary and other penalties, up to and including termination of this Contract. a. The Contractor hereby attests, certifies, warrants, and assures that the Contractor shall not knowingly utilize the services of an illegal immigrant in the performance of this Contract and shall not knowingly utilize the services of any subcontractor who will utilize the services of an illegal immigrant in the performance of this Contract.
The Contractor shall reaffirm this attestation, in writing, by submitting to the State a completed and signed copy of the document at Attachment A, hereto, semi-annually during the period of this Contract. Such attestations shall be maintained by the Contractor and made available to state officials upon request. Prior to the use of any subcontractor in the performance of this Contract, and semia